Nicolas Williams writes:
> On Tue, Mar 11, 2008 at 04:08:04PM -0500, Nicolas Williams wrote:
> > Disabling TCP MD5 is not likely to be something apps want to do.  TCP
> > MD5 is of limited use and applicability, so apps will generally want to
> > enable, rather than disable it, and there will/should be few such apps.
> >
> > (Let's not get into why TCP MD5 is of limited use and applicability.)
>
> Hmmm, perhaps one might argue that providing APIs would encourage the
> use of TCP MD5 while we might want to do the opposite (i.e., discourage
> it).  I'll think about this.

The only use is for BGP session protection.  You need it to be
compatible with Cisco and the rest of the BGP-speakers.

And, no, there are no plans that I know of for SHA or better
algorithms.  Nobody wants to revisit this, and I suspect we're all
just holding our breath waiting for IKEv2.  ;-}

It would be silly to use it for anything else, and I'd certainly
support a warning label in the man page saying exactly that.

-- 
James Carlson, Solaris Networking              <[EMAIL PROTECTED]>
Sun Microsystems / 35 Network Drive        71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
_______________________________________________
networking-discuss mailing list
[email protected]
